RIPE 80
Anti‑Abuse Working Group
14 May 2020
10 a.m. (CEST)
BRIAN NISBET: Hello. And good morning. I hope we are all well on this Thursday morning, the ‑‑ who knows, it's like the 60th March at this point in time. Good morning to the RIPE 80 Anti‑Abuse Working Group session.
Obviously we have the shorter sessions today. I am going bring up a slide here.
So, we're going to bring up the agenda. So, we have ‑‑ the fun things of virtual meetings. Welcome to the Anti‑Abuse Working Group session. I am Brian Nisbet, and we have two co‑chairs who are the other two co‑chairs of the Working Group. We have 45‑minute sessions this morning for all of the Working Groups and this has been working quite well and this is what we're going to do for anti‑abuse as well. That said, everything else, it's as close to a physical meeting as possible because this is the real RIPE 80. There is a chat, there is a Q&A. We really have one particularly substantive thing to discuss.
Just some housekeeping. All of the Q&A will be through either the Zoom window in the Q&A window please, or in the IRC channel and there is a hash anti‑abuse channel there. There is a RIPE chat monitor in the channel, so they will transfer your questions into the Q&A, or you can just write them into the Zoom Q&A, depending on how you are watching and inter acting with this, obviously we're trying to make it as open as possible.
If you are chatting in Zoom chat, please select all panelists and attendees unless you want to have some sort of secret conversation. I will remind everyone that this session is being recorded for posterity and everything else; as per usual RIPE meeting, everything will go up online and there is the live transcription. Again, go on the Irish, we have the same wonderful people in doing our live steno for this morning.
Let's go back to my own agenda here.
With a do we have?
I don't have Remco's overhead projector or Gert's fake overhead projector, we just ‑‑ it's a very boring PowerPoint here, I apologise.
We have done the welcome, all the details, and again thanks to all of the NCC staff and the steno folks who will help us all with this and we can go back and review things later and see and make sure we actually said what we think we said. I have talked about the chat etiquette, which is great.
I may have made a mistake, I'll look at that, I was typing things yesterday.
Rating talks: You can rate the talks. Now, sometimes there is ‑‑ it's appropriate, sometimes it isn't, but, look, we always welcome feedback on a variety of things and if rating the talks on ripe80.ripe.net is a suitable way of doing that, then great, I am happy for you to do that. I'm looking at the chat here, George, it's all good, I didn't take it all that seriously. It's fine. We'll struggle through.
It's very difficult not getting any immediate reaction from the audience doing these streams. So we're all learning as we go along.
You can rate the talks as appropriate. Any feedback you have for us is greatly received.
So, moving further into this. Approving the minutes from RIPE 79. The minutes were distributed. There is ‑‑ there was no feedback. Nothing huge. So unless there are any comments now, questions or comments in the chat, we will consider those minutes approved, and give people a few seconds to type or something like that.
Finalising the agenda. Are there any last items or otherwise or points that anybody wants to add to the agenda, folks? Again, there is a couple of options on the mailing list but if there is nothing there.
Okay. Then with the currently 250 participants, we will move further into it.
Recent list discussion. Oh, boy, have we had some recent list discussion!
There has been a lot. That is a thing that has happened. I don't really plan to go through this in great detail. I have written, along with the co‑chairs, quite a bit of on‑list conduct, on‑list conversation. I will admit to all of you, it gets a little tiring after a while when these things kind of spring up yet again, as really only seems to happen on our Working Group, or at least particularly happen on our Working Group, and that's the nature of the community to a certain extent. But I would remind everybody again that when you are sending a mail to a mailing list, you are interacting with potentially hundreds of people, perhaps more. You are putting yourself out there in front of the world, and the ‑‑ you know, there are small ‑‑ a there are a huge number of people who interact really well and positively, it's just a great pity that unfortunately there are a small number. I suppose that's the story of humanity to no small extent.
The Code of Conduct exists, and there is more on that later today for those who are interested about the community Code of Conduct. But, it is there, it does exist and we would ask people to pay attention to it.
One thing I would say is that if you see somebody who is doing something who you feel is out with the Code of Conduct, please always feel happy to e‑mail the chairs. We have probably seen it, but we might not have, especially if it's at the weekend. Because I certainly, I don't check my mail obsessively over the weekend. So we may well have seen it. We are probably talking about it, we are probably looking at doing something in the background, obviously the visible substantiation of that might take a little while to work through but we're getting better and faster. We're also talking to the NCC about how we moderate lists in general, how we handle the community lists. I have spoken publicly about my feelings on things like RIPE Discuss and how we now have a huge community there, and how really we probably wouldn't have set it up like this if we had planned to from the beginning. If we were setting up this kind of community now, we would look at doing things a bit differently and that's a consideration and I think we all, as Working Group Chairs and as a community, need to get involved in a good conversation about this and how to improve all of this.
So, yeah, it's not perfect, and we're working away. So, Carlos on that ‑‑ as Carlos has said: "No moderation is appreciated but if at extreme times it absolutely needs to be turned on, a public available archive seems to be a good compromise solution. While, this is not a question, I wish to thank the chairs for their patience."
Thank you, Carlos, I don't want to moderate, I certainly don't want to put the entire list into moderation, that would be a fail as far as I am concerned, but we just need to monitor this. Bad cases ‑‑ hard cases make bad laws, you know. I don't want to ‑‑ I don't want to do that. None of the three of us want to do that. So, we'll have to find the right way forward. But, again, thank you to the 99.9 recurring percent of people who contribute very usefully to the list.
So all of that said, and hopefully I won't have to say it again for a long time, hopefully ever, are there any other pieces of recent list discussion that people would like to talk about? People would lies to raise or discuss?
No. Dead air is a fun thing. Okay. In which case we will move on.
So, we have one not, you know, one of the co‑chairs talking agenda items here, and this is the policy proposal 2019‑04, and so we have a presentation on this from the proposer, Jordi, and then we will have a discussion about it. I will remind everybody both now and at the end of Jordi's piece before we get into discussion, that the mailing list is where we discuss proposals, so please remember to bring your pieces there as well, but we will obviously be looking at this conversation and bearing it in mind, but the mailing list is the place where we have these conversations.
So, policy proposal 2019‑04, validation of abuse mailbox. Jordi, do you want to go ahead and do your presentation.
JORDI PALET MARTINEZ: Thank you very much. I am trying to do this very short. Let me set a timer so I don't forget. I hope most of the people has been able to follow the discussion and read the proposal. Unfortunately I discovered a small mistake yesterday, I think it's not that much important, but we corrected it already ‑‑ well, the NCC already corrected it in the website, it was a kind of repetition of the additional information section of the policy proposal in the policy text, and that's not the case. Again, it's not very important, but sometimes it confuses people.
So, summary of what is the problem I see. With the actual policy that we have in place, we don't have a real validation of how many mails will be able to get abuse reports, okay, because it's a technical validation, and only if it fails, then the NCC is collating this. I am not trying to change in this version of the policy proposal. It was done in the previous versions, but after the previous discussions, I decided that this is obviously not the way to go. I am not trying to ensure that everybody processes their abuses. It's their decision. Read their e‑mails or whatever. But at least that if we really are asking for abuse mailbox, is one that at least can receive e‑mails. Okay, so that's the central thing and I believe that this is something that the actual policy is not able to fulfil. That's basically it.
And according to the previous discussion, one of the things that I changed is make sure that if somebody wants to use automated validation, I am fine. And, in fact, I think it's much better, and it will be better for everybody if we can make sure that we can use a standard instead of a form, because having a form ‑ we have explained this many times ‑ means that every ISP can have a different form and it's impossible to have automated processes for that, okay.
So, summary of the changes from the previous version: The text is much shorter, because following the discussion, I removed most of the changes that I was having in the policy. I have included the choice. It's not an obligation. Maybe this is something that we can bring to the discussion, that a choice should be the way. But at the moment it's a choice to support X‑ARF, which is basically in two standards. Again, I don't say anything about if you don't want to handle the abuse cases, that's your problem, that's your operational thing, but at least the database is correct so the e‑mail is able to get records. I have removed all the operational details. I explicitly indicated as a footnote that the timing I am suggesting in the policy proposal is twice per year for the validation, but the RIPE could change this validation period. And I understand that if the context improved, then we may need only to do once per year or once every two years, I don't know, that's something depending on the stats of the failures, the RIPE NCC could decide.
There is a section which I mentioned in the first place, which is additional information, is not part of the policy text. It's just to make sure that everybody gets clear that the policy is not looking into how the abuse mailbox is monitored or the cases are handled, okay. Just to reinforce that. And I am saying also there, and this is something that is not new, it's already in the process, but many people don't know, that if you don't get responses from an abuse case, you can always escalate it and this is the same for all the policies that we have, and everybody is free to use the escalation process that the RIPE has in place.
What I'm saying now the new thing here is, I am making sure, according to my conversations with the NCC, that if we want the stats, we should say that, okay. So the idea is we don't have stats about who is not doing the abuse resolving, but at least we know there are, let's say, 1 or 2% of problems which existing resource holders that are not doing that, and then the community can decide in the future if we want to do something about that.
If we compare the actual policy proposal with the actual policy text these are the changes, very, very short. I have changed "intended for receiving" to "must receive" messages. I think this is a problem how I read the text in English because I am not a native speaker. I believe it's the same, because if it's for receiving and it's not actually receiving, I think it's more clear to say "must receive", right.
The second change is validate the abuse mailbox and now I say "validate if it is present and can receive messages."
Annually change to it every six months but again with the footnote the RIPE NCC can change it. If the validation fails, this was part of the discussion with the policy officer about the language that I was using to make it more clear, so it's basically not changing anything, it's just making it more clear.
And new things:
Must not force the sender to use a form.
Clearly state that the validation will not check how cases are processed.
I already said this several times but I think it's key to make sure that everybody understands that.
Community should escalate/report back, so stats are provided.
And that's it. I had this slide from my previous presentation. We don't have this time a presentation from the NCC, so I can update the data, but this is a reality check. We believe that 93% are working, but is that real? Actually, it's impossible to say, because many of those that we believe are working have succeeded to pass the technical validation, but that doesn't mean that you actually send any mail, it will be received or it will bounce because the mailbox is full or it's a mailbox that nobody else is reading or it belongs to a different organisation. That's the key thing that we should resolve.
And finally, status in other registries.
This policy, actually not like this version, but closer to the Version 1 that we have been discussing from a long time, reached consensus about two years ago, I think, in APNIC, and APNIC implemented it. I think it was implemented already about six or seven months ago, and the escalation is already working and, well, we have good success, right.
It reached consensus also in LACNIC. This happened six months ago, I think. The board ratified it three or four months ago and it's been implemented and it's been mainly discussed in AFRINIC, I said in other regions, but to be correct, it's only in AFRINIC right now.
In ARIN there is something equivalent and I am considering to resubmit a policy proposal depending also in part on the discussion here. At the moment at least I think that the ARIN policy is doing much better than ours, because it's not a technical validation, it's much closer to what I am suggesting here.
That's it. Thank you.
BRIAN NISBET: Okay. Thank you very much, Jordi, and just to say, to remind everyone that we're ‑‑ this is version 3 of the policy, which was ‑‑ so the discussion phase for this version was started on the 28th April, and again I will remind everyone that was just about three weeks ago, even though it may seem like it was a year ago or seven weeks or or yesterday, depending on your own ability to keep an eye on linear time at this point.
This phase runs until the 27th May, there or thereabouts. So, we have a few weeks left of discussion on this as well, and we would certainly welcome more discussion, because myself and the co‑chairs were ‑‑ this has been difficult. There is a lot there and we're trying to tread the waters of consensus and I will say again, and I know this has been said, but I will be very clear on the fact that it is consensus that we're looking for. This is not a vote, there will not be a vote. If, at some point in the future, the RIPE community decides to change how they do policy proposals, then obviously the Anti‑Abuse Working Group will go along with that. But we haven't right now, so it is consensus that we're looking for.
So, we have two questions, albeit neither of them is really a question. They are more of a statement or possibly even a cross‑conversation at this point in time. We'll mention them while other people maybe have an opportunity to type to that virtual mike.
So, let us go in order.
Michele Neylon of Blacknight is ‑‑ one thing I would ask is, we're not seeing people's attributions in the questions, so if you wish to have an attribution, even if that is an individual sitting in their own bedroom, then please do type that into your question.
So, Michele of Blacknight: "Larger providers use forms. You cannot oblige them to change their processes because it's easier for you."
I think it's fair to say, before I ask you for a response, Jordi, that Carlos from CSIRT, forms are not automation‑friendly, even if there is no forcing someone to change their processes, having it somehow marked on WHOIS or RDAP would help automated systems which are not operationally in need for updated contacts to decide not to send a message that will certainly bounce.
I don't know if you have a comment there.
JORDI PALET MARTINEZ: I think Carlos responded for me. I think it's clear that people believe that forms are an automation. But actually not, because if the form is not the standard, everyone, and we have 25,000 LIRs, can have a different form. So, it's impossible you can automate it. And the people can change it, no way.
BRIAN NISBET: Okay. Peter Hessler, receiver of spam:
"If there is no obligation to react to abuse reports, what is the point of this proposal? Primarily to collect statistics?"
JORDI PALET MARTINEZ: Well, this problem is trying to improve something that we already decided. So I am not saying because that will be a different thing. Do we want to keep the existing policy in place? I agree. You are not forced to react on any, not just the spam, any abuse report. I don't think so. I personally don't agree. But this is the discussion that we are having, actually. Most people believe that we probably don't need to have the abuse record any more. Well then we should have a different point. Should we keep it? Again, personally, I believe yes. Some people, it's trying to say that this is absolutely useless, but that is a different discussion, right?
By the way, if we don't have this reporting, maybe regulators should do something if they start receiving complaints, I don't know. It's something that we should consider, right?
BRIAN NISBET: And speaking ‑‑ speaking as myself, I suppose as much as anything else, I would say it is something we need to consider. I think that there is a line to draw between the ‑‑ that whole question, and this is a bigger question for anti‑abuse and for a whole bunch of other people ‑‑ we talk sometimes about regulators and about what would happen if they turned up at the door, and we need to find the right line obviously between the risk of that and the impact of it and the policies we're looking at. Which is always very important.
So, I'm going to ‑‑ we're going to start having conversations between people, it's going to be difficult, as it always is in the physical meeting as well as the virtual one but we'll try and work through it.
Carlos Friacas again:
"Maybe someone can provide a gateway from e‑mail messages to the most popular forms of the larger providers. Some kind of middleware."
I don't know if you have an opinion on that, Jordi. This is separate to the proposal, I accept, but ‑‑
JORDI PALET MARTINEZ: That will be useful but I don't think that will be sufficiently quickly updated every time any ISP creates a new form or changes it or whatever. While, what I am saying is maybe, and this is not right now in the proposal as mandatory, maybe it's much better if we consider, as we do in many other policy proposals, asking for a standard. So, no more e‑mails, no more things like that. Make it just a standard. There are open source tools and of course preparatory tools that use X‑ARF. You have Fail2ban that works for any type of protocol abuse that can use X‑ARF to report the abuses. So, there is not that that much higher cost compared to processing e‑mails or things like that. That could work.
BRIAN NISBET: Okay. Let's see where we are here.
Okay, I'm not getting into this and I'm not putting this down but I'm going to read out the brief conversation that Carlos and Peart have had because I think it's useful just, for it to be there on the record.
Carlos asks to Peter Hessler:
"Do you send out abuse complaints when you receive spam? Do you have it automated or just on a case‑by‑case basis?"
And Peter responds: "I do manually send out abuse reports to a variety of sources. Some handle it. Many of the larger ones, Yahoo especially, do not."
I think it's fair to say that we know the landscape of who is handling what type of abuse is varied and I think, Jordi, it's also fair to say that there is no expectation that this proposal would suddenly ‑‑ I'm sorry, Carlos, I will get it right...eventually ‑‑ will suddenly make things magically better and suddenly force everybody to deal with the spam correctly.
So, Tobias Knecht, speaking for himself, again saying, his opinion:
"The burden of reporting abuse cannot be put on the reporter/victim of the abuse."
JORDI PALET MARTINEZ: This is something that I have very, very clear stated in my proposal. I think that's the basis of it. If we have the possibility to send abuse reports and I believe we should have that, the cost cannot be in the victims. There is no way to support that even if we escalate this to outside the Internet community, nobody will support that.
BRIAN NISBET: Okay. So, Niall O'Reilly speaking again for himself.
I think maybe some of this is in the proposal.
"Would a standard form or API be a target for a BCP?"
Sorry, it isn't in the proposal. But would a standard form or an API be a target for a best common practice?
JORDI PALET MARTINEZ: I discussed about this, I think it was last summer in the list, and I tried to investigate if we need to do something else in IETF, and I don't think so. But maybe I missed something. I believe that what we have right now is sufficient. If somebody can tell me well, we are missing this or that, I am happy to start the work in IETF, and I am sure some other people in the list will be willing to contribute.
BRIAN NISBET: Okay. And the ‑‑ so Michele Neylon of Blacknight.
"I understand your frustration with forms but cannot force one size fits all. You also forget that for some of us are abuse ingress it dealing with a wide variety of types of abuse, it's not just network abuse."
I think again, Michele, I will say that goes back to the definition of "abuse", and I think certainly we're a lot wider than just network abuse at this point in time. But for smaller providers ‑‑ to continue with your point ‑‑ for smaller providers implementing F‑AXR is not going to work.
JORDI PALET MARTINEZ: Actually I think it's going to work because smaller providers use more and more Open Source tools and I think it's very common to use Fail2ban, I use it myself, and it takes a couple of hours to implement that. So, I don't agree with that, but of course many other people may have different opinions.
BRIAN NISBET: Okay. And A.J. Wolski of Netrunner Labs.
"Jordi and Brian, looking for opinion: What about if the NCC would be the place to report abuse?"
I think, I mean I think we can say, and maybe there is someone from the NCC who wants to write something or can hop on even as a panel list here. The NCC have said before that they are not the place to report abuse for all of the net blocks and ASNs that they have issued. Speaking both as the co‑chair of this Working Group and as a member of the NCC, if I saw a proposal that came in that said the NCC would have to do that given it would be a huge job and a huge expense and a huge amount of recruitment would be required there, I would probably very seriously object to that on many levels but also the financial piece, and I think that any proposal that came in from that would have a fairly damming Impact Analysis from the NCC around the cost that is would be inherent to that.
So I think ‑‑
JORDI PALET MARTINEZ: Basically, I basically agree with that. Even if I'm not an NCC member, I don't think it's the right way. I think the NCC can facilitate and allow it to escalate and to try to see the contacts are wrong or simply if the LIR is not willing to respond. That's it.
BRIAN NISBET: I think ‑‑ I don't mean would handle but would collect. I suppose it's a question if somebody wanted to propose that, what would that look like? And that's the devil is very much in the details of such a thing.
We have a no to NCC abuse handling, and I suppose again that, this is not part of this proposal. So, I think that if somebody wants to propose that, then somebody, you know, somebody else should propose that.
Ivan Beveridge. It's not ‑‑ so again this is not part of this proposal. If; wished to propose that, then that is a separate proposal at that point in time and obviously go to the General Meeting and the members and all of those things.
We're going to have a couple more and then we're going to finish up because we are ‑‑ I mean, we have a little bit more time.
So, let's look at the right way of dealing with this.
Peter Koch, I am assuming from where he normally is, but:
"I would grow some sympathy for a signalling mechanism for some standard reporting format versus natural text. But that is a technical change to the attribute or even a new one. Definitely not a matter of policy."
JORDI PALET MARTINEZ: I don't think so. I think that should be responded by the NCC. If the NCC believes that they can implement manned to recall X‑ARF support, they should set that and then we probably have not too much to do. But I don't think they will say that.
BRIAN NISBET: Okay. Leo Vegoda: "I am still struggling with the overall goal of this proposal. On the one hand it states that focussing keeping the place to report abuse current, but on the other hand, it does not require any action from the report. I think this is the fundamental contradiction that needs to be resolved before the proposal can achieve anything useful."
I feel almost certain you would agree, Jordi.
JORDI PALET MARTINEZ: Yes, the I think is probably Leo is missing the previous versions. The first version was trying to enforce that abuse reporter should handle it. But the community told me no. So, I needed to change that. I mean, I prefer something in the middle to the right way that I believe is the right way than nothing, right? That's the thing. So, I agree with Leo. We should mandate the abuse reports to be handled but the community don't want that. So I cannot enforce that. That's it.
BRIAN NISBET: Okay. And I am going to close the virtual mic lines there, because we have got a couple of responses I want to read out and we're coming towards the end of our allotted time.
So, one thing I want to just say is there is kind of two responses from the NCC and they are saying fundamentally the same thing and fundamentally what I had said but I'm going to read them out again to put them on the record officially.
So, Marco Schmidt from the RIPE NCC.
"Being in the middle between abuse reporter and the network operator for all abuse reports would result in a very big extra workload."
And Kaveh from the NCC also saying, obviously: "The Impact Analysis would have to be done by us. And if it has significant effect on our operations, of course the board and possibly membership will be consulted before implementation can start and significant peer means it can the be covered by our membership approved budget within a budget year."
So they are again those pieces. What else do we have? Again, this is kind of the ongoing rumbling conversation about implementation. So Michele Neylon is saying that the "Slide specifically mentioned forms and e‑mail etc.," which is why he and others are reacting in this particular way.
JORDI PALET MARTINEZ: I don't understand that. I mean, yes, the slides say not to use forms because that's one of the problems I see. It's using e‑mail because the alternative to forms, right. If, instead of that, we want to use some more automated API, or whatever, I mentioned it before, maybe we are missing some piece to really make it possible without even sending e‑mails, and I think this gets back to the next question actually, I'm not sure if you want to read it before?
BRIAN NISBET: Yeah, I mean, Evgeny Kuskevich from somewhere, I am sorry, no attribution there. But "Forms help to protect us from inappropriate script‑generated complaints that keep on spamming even after proper reaction."
JORDI PALET MARTINEZ: Yes. The thing is that X‑ARF allows not the automation of sending the abuse record but also facilities the at remediation to process it. So if you are getting a spam which files X‑ARF complaints, they will be automatically discarded as well.
BRIAN NISBET: Okay. I think there is the technical information there and unfortunately Christian, I did say we were going to close the mic lines at that point in time, virtual or otherwise, I think that's there and Jordi can take a look at your ‑‑
JORDI PALET MARTINEZ: What I just said is responding also, or Christian is supporting what I just said, so I think it's responded already.
BRIAN NISBET: Okay. Cool!
Okay. So, there we had our discussion. Whether we are further along or not is a question. We do have two weeks left of the discussion phase. Jordi, again, thank you, whatever ends up happening, thank you for proposing this, thank you for anybody, and I mean it's one of the things I would say, we would really encourage people if they do see something like this, whether it's an anti‑abuse or any of the Working Groups, and you want to change something, there is a way of affecting change. It is the policy propose process. Policy development process. The co‑chairs of Working Groups, the amazing NCC staff are all there to help with that, and please don't feel like it's something reserved to some sort of elite group of people. Anyone can write a policy proposal, and then work with the chairs and the NCC staff to help with that. So we're going to close that conversation. If you can put yourself back on mute Jordi, that would be great.
Applause, virtually or otherwise for that. Thank you.
So, there is more discussion to be had on that. The co‑chairs are obviously reading the discussion very closely, and we appreciate more feedback, opinion, pros, cons, discussion on that as we move towards it. One of the things I will say and I have said before in this Working Group is that these things are incremental and it's very rare that it is all ‑‑ we look towards motion towards a better Internet, I think all of us. How we get there, though, is a very good question.
So, I'm just going to share my screen again briefly.
And we have a tiny bit of time left.
So is there any other business that we have very little time for and nobody brought anything up at the beginning of the agenda point? So I'm really assuming that the 316 of us that are on this call at this point in time are happy, or at least suitably so.
Oh, we have ‑‑ and Michele, thank you, he says thanks to the co‑chairs for our patience.
Thank you. I mean, it's been an interesting few months or few weeks. But, we do know that, you know, the Working Group is a bunch of, or the community are a bunch of really good people, and that is appreciated. And if any of you want to become a co‑chair, there are many opportunities to do so. And we need good, enthusiastic people to continue the community work.
And finally, RIPE 81 in October, hopefully, a physical meeting in Milan. You can discuss the probability of that, or otherwise, amongst yourselves. But we will be obviously looking for agenda items and interactions and more policies and all of those things for that, and you can contact us via e‑mail, you can mail the mailing list or ping us via one of the many things or indeed IRC at the moment, or chat.
So, there you go. That is the RIPE 80 Anti‑Abuse Working Group. I'd like to thank again the NCC staff for supporting us, for the huge amount of work they have done to put this meeting together and to make it actually happen, on behalf of the co‑chairs thank you to them, thank you to the steno and, most importantly, thank you to the Working Group, who are the reason we're all here.
So, yeah, thank you all, I hope to see you for the rest of the day today but also I heap to see you in Milan or else somewhere physical in the not‑too‑distant future. Thank you all very much.
(Coffee break)